CLICK ME
yes, even hidden code blocks!
print("hello world!")
USG and UAP - security gateway and access point adoption/initial config
- devices want to live on 192.168.1 network.
- IP address can be set through the controller, in the Networks tab, or using CLI (configure, set interfaces ethernet eth1 address 10.10.10.1/24, delete interfaces ethernet eth1 address 192.168.1.1/24, commit)
- the DNS name used in the Controller tab must resolve to the right IP, otherwise successful adoption will require logging in to the device and running "mca-cli, set-inform http://<controller-IP-or-resolving-fqdn>:8080/inform"
Controller setup:
-- runs fine in docker
-- cloud key is convenient, but it was flaky for me. This is not expected; people have good luck with them.
Ubertooth
Setup:
function msa_scan_arp () {
## Discover hosts on a /24 that respond to arp requests.
# Write information about hosts that responded to a file.
#
# ex: msa_resolve_arp 192.168.1 arp-scan.txt
# yep, this is an ugly hack
# arping -w should provide a quicker timeout for IPs that do not respond, but it works in a way I do not seem to understand.
NET=$1; shift;
FILENAME=$1; shift
auto bond0
iface bond0 inet static
address 10.1.10.1
netmask 255.255.255.0
hwaddress ether aa:aa:aa:aa:aa:aa # else mac can float based on what's bonded
post-up ifenslave bond0 eth1 eth2 eth3 eth4 eth5
# to verify/monitor
cat /proc/net/bonding/bond0
Moving a bootable ISO to a USB drive on OSX:
- Insert the USB drive. For portability, format as FAT
- The drive will mount; unmount the volume (but do not "eject")
user $ sudo diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful
- I need a GPT partition, in place of some junk here, so OSX formatting tools will work just fine:
#https://geoff.greer.fm/2017/07/16/thinkpad-x62/
#!/bin/sh
# Disable the NMI watchdog
echo '0' > '/proc/sys/kernel/nmi_watchdog';
# Runtime power management for I2C devices
for i in /sys/bus/i2c/devices/*/device/power/control ; do
echo auto > "${i}"
On Twitter the other day, I was lamenting the state of OCSP stapling support on Linux servers, and got asked by several people to write-up what I think the requirements are for OCSP stapling support.
Support for keeping a long-lived (disk) cache of OCSP responses.
This should be fairly simple. Any restarting of the service shouldn't blow away previous responses that were obtained. This doesn't need to be disk, just stable - and disk is an easy stable storage for most server
# https://gist.github.com/marcinantkiewicz/9ac20677145f246eb01cd1759cb03f35
# Author: Marcin Antkiewicz
# marcin@kajtek.org
# @deciban
# Use:
#find_chrome_extensions -OutputDir "c:\"
#idea ref: https://www.reddit.com/r/PowerShell/comments/5px71w/getting_chrome_extensions/
#PS 2.0 has no ConvertFrom-Json, 2.0 helper from http://stackoverflow.com/questions/28077854/powershell-2-0-convertfrom-json-and-convertto-json-implementation
1) DHCP - iptables rules are not required to make DHCP work.
The Linux kernel will not send traffic via an ethernet interface until it has an IP address assigned. The DHCP client uses raw sockets to
communicate with the DHCP server, which happens before iptables has a chance to process the traffic.
2) iptables rule = classifier (iptables match) + action (iptables target)
Chains in which rules are applied:
- mangle - used to control TOS attributes, MARKs, TTL. Single table.
- filter - policy decisions take place here. Tables: forward (target behind firewall), input (traffic to firewall), output (return, or originating traffic).
- nat - changes to src/dst IPs. Tables: